This is post 2 of 2 in the series “Bitesize CISSP” Bitesize CISSP is a series of study notes covering the eight domains in the CISSP exam. Security Risk Management – Bitesize CISSP Study Notes Asset Security – Bitesize CISSP Study Notes Asset Security is the second domain of the CISSP. This domain focuses heavily on classification of data and labels used, various roles within an...
This is post 1 of 2 in the series “Bitesize CISSP” Bitesize CISSP is a series of study notes covering the eight domains in the CISSP exam. Security Risk Management – Bitesize CISSP Study Notes Asset Security – Bitesize CISSP Study Notes Security Risk Management is the first domain of the CISSP. These are some notes highlighting areas of study for this domain and are by no means...
In the United States, a sizable amount of the overall federal budget is allocated to defense spending. The 2018 Defense Budget was signed into law on December 12, 2017, by President Trump, which authorized just under $700 billion in defense spending (Blankenstein, 2017). In contrast to just a few years ago where the fiscal year defense spending was set at $593 billion, the amount of money set...
I was recently notified that one of the sites I support was getting a ‘C’ rating on SSL Labs. It turned out that there were three main issues that needed to be resolved. Two out of the three were relatively easy to find via the SSL Labs documentation, which required simple fixes to the ssl.conf file. This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to...
Prior to any cyber attack, an organization should already have a solid crisis management plan and set of disaster recovery precautions in place. In addition to this, a risk analysis should be carried out involving a holistic approach and careful investigation of information systems and the overall environment. The purpose of such an analysis is to evaluate all endpoints that could potentially...
Organizations continue to struggle with policies and processes to effectively secure their infrastructure to protect their information assets and intellectual property. In recent years, we have seen the increase of cyber-attacks and breaches to the point that they have become common news worldwide. As systems have grown in complexity with increased capacity to store large amounts of data, so to...
The nature of the Internet and worldwide connectivity has changed the traditional centuries old paradigm regarding proximity. We now see threats from all parts of the global. What are three cybersecurity policies for a firm that would mitigate risks for cybersecurity attacks at the global level? Cybersecurity threats continue to rise year after year and the problem continues grow due to the...
Vulnerability assessments can be a very effective way of gathering information on an organizations internal security posture. The purpose is to accumulate data on any weaknesses revealed that should be proactively mitigated to prevent exploitation. There are a number of tools that can be used to carry out vulnerability assessments. Typically, a software-based tools are used to scan a selected...
Advanced Persistent Threats (APTs) are security threats that use advanced techniques to hide their attack from their target. They are commonly used to target specific information in high-profile companies and governments. APTs usually follow a long-term strategy of attack in order to gather information from the breached system. There have been many examples of APTs over the years targeting well...
As a developer, knowledge of web application security vulnerabilities is essential in order to build software that is both resilient to attacks and protected through a layered approach of defense. The cybersecurity landscape is constantly shifting, however a good understanding of the most common vulnerabilities is a great place to get started with security. Before reviewing the articles below, be...
The word Cybersecurity is thrown around so much these days it has almost become overused in many conversations. This is due to the vast number of topics associated with its meaning. So how can we define it better? Traditionally Cybersecurity has described as a process for securing information or assets owned by governments, organizations, and individual people. The term itself can be considered a...
The term asymmetric refers to an unequal balance or when thinking about threats, an unfair advantage to the perpetrator. Phillips, A (2012) provided an excellent overview of what an asymmetric threat is. He described attacks of this nature to be undetectable, and once occurred, impossible to determine its origin. Rubin (2007) further elaborates on this concept by defining the term asymmetry as...
This is post 12 of 12 in the series “Digital Forensics” Important Cybercrime Laws Yet More Theft of Information Assets Preparation Phase of a Digital Search Data Hiding and Steganography Confusion over Terminology Presenting Digital Evidence Remote Access Trojans Malicious Code Detection What is the Role of Computer Forensics? Forensics in Business Continuity Planning An analysis of...
This is post 11 of 12 in the series “Digital Forensics” Important Cybercrime Laws Yet More Theft of Information Assets Preparation Phase of a Digital Search Data Hiding and Steganography Confusion over Terminology Presenting Digital Evidence Remote Access Trojans Malicious Code Detection What is the Role of Computer Forensics? Forensics in Business Continuity Planning An analysis of...
This is post 10 of 12 in the series “Digital Forensics” Important Cybercrime Laws Yet More Theft of Information Assets Preparation Phase of a Digital Search Data Hiding and Steganography Confusion over Terminology Presenting Digital Evidence Remote Access Trojans Malicious Code Detection What is the Role of Computer Forensics? Forensics in Business Continuity Planning An analysis of...
This is post 9 of 12 in the series “Digital Forensics” Important Cybercrime Laws Yet More Theft of Information Assets Preparation Phase of a Digital Search Data Hiding and Steganography Confusion over Terminology Presenting Digital Evidence Remote Access Trojans Malicious Code Detection What is the Role of Computer Forensics? Forensics in Business Continuity Planning An analysis of...
This is post 8 of 12 in the series “Digital Forensics” Important Cybercrime Laws Yet More Theft of Information Assets Preparation Phase of a Digital Search Data Hiding and Steganography Confusion over Terminology Presenting Digital Evidence Remote Access Trojans Malicious Code Detection What is the Role of Computer Forensics? Forensics in Business Continuity Planning An analysis of...
This is post 7 of 12 in the series “Digital Forensics” Important Cybercrime Laws Yet More Theft of Information Assets Preparation Phase of a Digital Search Data Hiding and Steganography Confusion over Terminology Presenting Digital Evidence Remote Access Trojans Malicious Code Detection What is the Role of Computer Forensics? Forensics in Business Continuity Planning An analysis of...
This is post 6 of 12 in the series “Digital Forensics” Important Cybercrime Laws Yet More Theft of Information Assets Preparation Phase of a Digital Search Data Hiding and Steganography Confusion over Terminology Presenting Digital Evidence Remote Access Trojans Malicious Code Detection What is the Role of Computer Forensics? Forensics in Business Continuity Planning An analysis of...
I am a software developer and online educator who likes to keep up with all the latest in technology. I also manage cloud infrastructure, continuous monitoring, DevOps processes, security, and continuous integration and deployment.